rev |
line source |
pascal@12445
|
1 CVE-2015-0235 GHOST
|
pascal@12445
|
2 From https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
|
pascal@12445
|
3 --- glibc-2.13/nss/digits_dots.c
|
pascal@12445
|
4 +++ glibc-2.13/nss/digits_dots.c
|
pascal@12445
|
5 @@ -47,7 +47,10 @@
|
pascal@12445
|
6 {
|
pascal@12445
|
7 if (h_errnop)
|
pascal@12445
|
8 *h_errnop = NETDB_INTERNAL;
|
pascal@12445
|
9 - *result = NULL;
|
pascal@12445
|
10 + if (buffer_size == NULL)
|
pascal@12445
|
11 + *status = NSS_STATUS_TRYAGAIN;
|
pascal@12445
|
12 + else
|
pascal@12445
|
13 + *result = NULL;
|
pascal@12445
|
14 return -1;
|
pascal@12445
|
15 }
|
pascal@12445
|
16
|
pascal@12447
|
17 @@ -90,8 +93,9 @@
|
pascal@12445
|
18 {
|
pascal@12445
|
19 if (buflen < size_needed)
|
pascal@12445
|
20 {
|
pascal@12445
|
21 + *status = NSS_STATUS_TRYAGAIN;
|
pascal@12445
|
22 if (h_errnop != NULL)
|
pascal@12445
|
23 - *h_errnop = TRY_AGAIN;
|
pascal@12445
|
24 + *h_errnop = NETDB_INTERNAL;
|
pascal@12445
|
25 __set_errno (ERANGE);
|
pascal@12445
|
26 goto done;
|
pascal@12445
|
27 }
|
pascal@12447
|
28 @@ -110,7 +114,7 @@
|
pascal@12445
|
29 *buffer_size = 0;
|
pascal@12445
|
30 __set_errno (save);
|
pascal@12445
|
31 if (h_errnop != NULL)
|
pascal@12445
|
32 - *h_errnop = TRY_AGAIN;
|
pascal@12445
|
33 + *h_errnop = NETDB_INTERNAL;
|
pascal@12445
|
34 *result = NULL;
|
pascal@12445
|
35 goto done;
|
pascal@12445
|
36 }
|
pascal@12447
|
37 @@ -150,7 +154,9 @@
|
pascal@12445
|
38 if (! ok)
|
pascal@12445
|
39 {
|
pascal@12445
|
40 *h_errnop = HOST_NOT_FOUND;
|
pascal@12445
|
41 - if (buffer_size)
|
pascal@12445
|
42 + if (buffer_size == NULL)
|
pascal@12446
|
43 + *status = NSS_STATUS_NOTFOUND;
|
pascal@12445
|
44 + else
|
pascal@12445
|
45 *result = NULL;
|
pascal@12445
|
46 goto done;
|
pascal@12445
|
47 }
|
pascal@12447
|
48 @@ -202,15 +208,6 @@
|
pascal@12445
|
49
|
pascal@12445
|
50 if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
|
pascal@12445
|
51 {
|
pascal@12445
|
52 - const char *cp;
|
pascal@12445
|
53 - char *hostname;
|
pascal@12445
|
54 - typedef unsigned char host_addr_t[16];
|
pascal@12445
|
55 - host_addr_t *host_addr;
|
pascal@12445
|
56 - typedef char *host_addr_list_t[2];
|
pascal@12445
|
57 - host_addr_list_t *h_addr_ptrs;
|
pascal@12445
|
58 - size_t size_needed;
|
pascal@12445
|
59 - int addr_size;
|
pascal@12445
|
60 -
|
pascal@12445
|
61 switch (af)
|
pascal@12445
|
62 {
|
pascal@12445
|
63 default:
|
pascal@12447
|
64 @@ -226,7 +223,10 @@
|
pascal@12445
|
65 /* This is not possible. We cannot represent an IPv6 address
|
pascal@12445
|
66 in an `struct in_addr' variable. */
|
pascal@12445
|
67 *h_errnop = HOST_NOT_FOUND;
|
pascal@12445
|
68 - *result = NULL;
|
pascal@12445
|
69 + if (buffer_size == NULL)
|
pascal@12445
|
70 + *status = NSS_STATUS_NOTFOUND;
|
pascal@12445
|
71 + else
|
pascal@12445
|
72 + *result = NULL;
|
pascal@12445
|
73 goto done;
|
pascal@12445
|
74
|
pascal@12445
|
75 case AF_INET6:
|
pascal@12447
|
76 @@ -234,42 +234,6 @@
|
pascal@12445
|
77 break;
|
pascal@12445
|
78 }
|
pascal@12445
|
79
|
pascal@12445
|
80 - size_needed = (sizeof (*host_addr)
|
pascal@12445
|
81 - + sizeof (*h_addr_ptrs) + strlen (name) + 1);
|
pascal@12445
|
82 -
|
pascal@12445
|
83 - if (buffer_size == NULL && buflen < size_needed)
|
pascal@12445
|
84 - {
|
pascal@12445
|
85 - if (h_errnop != NULL)
|
pascal@12445
|
86 - *h_errnop = TRY_AGAIN;
|
pascal@12445
|
87 - __set_errno (ERANGE);
|
pascal@12445
|
88 - goto done;
|
pascal@12445
|
89 - }
|
pascal@12445
|
90 - else if (buffer_size != NULL && *buffer_size < size_needed)
|
pascal@12445
|
91 - {
|
pascal@12445
|
92 - char *new_buf;
|
pascal@12445
|
93 - *buffer_size = size_needed;
|
pascal@12445
|
94 - new_buf = realloc (*buffer, *buffer_size);
|
pascal@12445
|
95 -
|
pascal@12445
|
96 - if (new_buf == NULL)
|
pascal@12445
|
97 - {
|
pascal@12445
|
98 - save = errno;
|
pascal@12445
|
99 - free (*buffer);
|
pascal@12445
|
100 - __set_errno (save);
|
pascal@12445
|
101 - *buffer = NULL;
|
pascal@12445
|
102 - *buffer_size = 0;
|
pascal@12445
|
103 - *result = NULL;
|
pascal@12445
|
104 - goto done;
|
pascal@12445
|
105 - }
|
pascal@12445
|
106 - *buffer = new_buf;
|
pascal@12445
|
107 - }
|
pascal@12445
|
108 -
|
pascal@12445
|
109 - memset (*buffer, '\0', size_needed);
|
pascal@12445
|
110 -
|
pascal@12445
|
111 - host_addr = (host_addr_t *) *buffer;
|
pascal@12445
|
112 - h_addr_ptrs = (host_addr_list_t *)
|
pascal@12445
|
113 - ((char *) host_addr + sizeof (*host_addr));
|
pascal@12445
|
114 - hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
|
pascal@12445
|
115 -
|
pascal@12445
|
116 for (cp = name;; ++cp)
|
pascal@12445
|
117 {
|
pascal@12445
|
118 if (!*cp)
|
pascal@12447
|
119 @@ -282,7 +246,9 @@
|
pascal@12445
|
120 if (inet_pton (AF_INET6, name, host_addr) <= 0)
|
pascal@12445
|
121 {
|
pascal@12445
|
122 *h_errnop = HOST_NOT_FOUND;
|
pascal@12445
|
123 - if (buffer_size)
|
pascal@12445
|
124 + if (buffer_size == NULL)
|
pascal@12446
|
125 + *status = NSS_STATUS_NOTFOUND;
|
pascal@12445
|
126 + else
|
pascal@12445
|
127 *result = NULL;
|
pascal@12445
|
128 goto done;
|
pascal@12445
|
129 }
|